Got a 'How do I' question? Join 'Ask a Trainer' Monday to Friday, 11am to 4pm ET for instant help and pro tips!

oAuth2.0 Server Flow in V3 API

SOLVED
Go to solution
MattK9938
Rookie
0 Votes

We use Constant Contact to manage email campaigns and want to take advantage of your RESTful API to do some integration with our custom CRM.    

 

In looking through your API docs I have determined that the OAuth2.0 Server Flow is the right one for our purposes since it doesn’t require interaction by users.   I followed the steps outlined on the website(https://v3.developer.constantcontact.com/api_guide/server_flow.html).   I am stuck on Step 4: Exchange the Authorization Code for an Access Token and a Refresh Token.     I have built the POST request using JSON format in the body of the post.  Following are the specifics:

 

 

URL: https://idfed.constantcontact.com/as/token.oauth2

 

Headers:

 

"content-type: application/json"

"accept: application/json"

"authorization: Basic {authcode}"  , where {authcode} is the Base64 encoded version of our API Key and Secret gleaned from our My Applications page

 

Body:

{

"code" : "{code}",

"redirect_uri" : "https://www.oursite.com",

"grant_type" : "authorization_code",

}

 

where {code} is the code returned in the URL in Step 3

 

When I send the POST request I get the following error:

 

{"error_description":"grant_type is required","error":"invalid_request"}

 

As you can see in the Body above, “grant_type” is clearly being sent.   

 

Thoughts?

1 ACCEPTED SOLUTION
Jimmy_D
Employee
0 Votes

Hello @MattK9938 ,

 

Thank you for reaching out to Constant Contact's API Support.

 

Your code does look correct to me. I just went through POSTman and gave it a shot as well to make sure everything is working. I was able to get a valid response back. Here is my POST displayed as PHP cURL. Can you provide the full code snippet and not just that one body section? Maybe there is something in another section causing an issue.

 

<?php

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "https://idfed.constantcontact.com/as/token.oauth2?code=PKxX_IGvP06o24xOh3-UuEqWcncwyWhTl9ViaAEt&redirect_uri=https%3A%2F%2Flocalhost%2F%2A&grant_type=authorization_code",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "",
  CURLOPT_HTTPHEADER => array(
    "Authorization: Basic (base64-APIKey:ClientSecret)",
    "Postman-Token: 6a82b9b6-7657-409a-b481-4e0e65a5f722",
    "cache-control: no-cache"
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}

Regards,
Jimmy D.
Tier II API Support Engineer

View solution in original post

7 REPLIES 7
Jimmy_D
Employee
0 Votes

Hello @MattK9938 ,

 

Thank you for reaching out to Constant Contact's API Support.

 

Your code does look correct to me. I just went through POSTman and gave it a shot as well to make sure everything is working. I was able to get a valid response back. Here is my POST displayed as PHP cURL. Can you provide the full code snippet and not just that one body section? Maybe there is something in another section causing an issue.

 

<?php

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "https://idfed.constantcontact.com/as/token.oauth2?code=PKxX_IGvP06o24xOh3-UuEqWcncwyWhTl9ViaAEt&redirect_uri=https%3A%2F%2Flocalhost%2F%2A&grant_type=authorization_code",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "",
  CURLOPT_HTTPHEADER => array(
    "Authorization: Basic (base64-APIKey:ClientSecret)",
    "Postman-Token: 6a82b9b6-7657-409a-b481-4e0e65a5f722",
    "cache-control: no-cache"
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}

Regards,
Jimmy D.
Tier II API Support Engineer
MattK9938
Rookie
0 Votes

Hi Jimmy -

 

Here is the code using PostMan and JSON:

 

POST /as/token.oauth2 HTTP/1.1
Host: idfed.constantcontact.com
Content-Type: application/json
Accept: application/json
Authorization: Basic (base-64-APIkey:ClientSecret)
cache-control: no-cache
Postman-Token: b28d7fc5-f3ae-46f0-9c58-cb845c4baabd
{

"code" : "6msYLOZU3CtpMg-2IEzkjTsReeXvZIjpn6ZUQQEt",

"redirect_uri" : "https://www.oursite.com",

"grant_type" : "authorization_code"

}------WebKitFormBoundary7MA4YWxkTrZu0gW--

 

 

This returns the exact same error.

MattK9938
Rookie
0 Votes

I got it to work.  I ended up not using JSON in the POST Request and it worked fine.

 

Thank you Jimmy.  The code you posted got me thinking that I shouldn't use JSON.

user338672
Rookie
0 Votes

please help, i am getting error, trying to generate access token. 

dont worried about my api_key and secret key, i just have test information.

this is the error message: 

{"error":"unauthorized_client"}

 

import requests as r
import base64

client_id = "8b89ccfc-1003-4ab5-8200-8307aa43e7d4"
client_secret = "[redacted for security]"

client_id_secret = "{client_id}:{client_secret}".format(client_id,client_secret).encode("utf-8")

basic_auth = base64.b64encode(client_id_secret).decode("utf-8")

headers = {
"Authorization": "Basic " + basic_auth,
"Content-Type": "application/x-www-form-urlencoded",
}

response = r.post(auth_url, headers=headers)

print(response.text)
Courtney_E
Moderator
0 Votes

Hello user338672,

 

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

It looks like you are using a V3 API key, but are missing some of the required elements in your request URL:

 

Create an Authorization Request URL

https://v3.developer.constantcontact.com/api_guide/server_flow.html#step-1-create-an-authorization-r...

 

V3 API OAuth2.0 Server Flow

https://v3.developer.constantcontact.com/api_guide/server_flow.html

 

Please have a look and let us know if you have any other questions!


Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
user338672
Rookie
0 Votes

Hi constant contact support team,

 

i am using the following curl to generate the access token, but when i try to used it into the endpoints to retrieve the data it says 

'error_key': 'unauthorized', 'error_message': 'Unauthorized'}

 

" curl -c cookie.txt -g -O -J -L -u 'username=email :password=passsword' "https://api.cc.email/v3/idfed?client_id=d658fc6d-37bf-49f5-a8f1-84b6a6a8400c&redirect_uri=https%3A%2... "

 

but when i used the token(into developer tools of the browser , local storage) from this website , it works properly

"https://v3.developer.constantcontact.com/api_reference/index.html#!/Email_Reporting/getCampaignActi...

 

 

please give me any advice

Courtney_E
Moderator
0 Votes

Hello user338672,

 

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

What I’m seeing is the within our logs for the key generated by your account is that after the Authorization Request URL is sent and access to the account is granted, Authorization Code is being generated, but not used, and then expires. 

 

The Authorization Code only has a lifespan of 60 seconds in which it can be exchanged for your first token set:

Exchange the Authorization Code for an Access Token and Refresh Token

https://v3.developer.constantcontact.com/api_guide/server_flow.html#step-3-get-the-authorization-cod...

 

Also, it looks like the key you provided in your example hasn’t been updated to use the new OAuth2 configuration that was rolled out at the beginning of this week. The instructions to do this are in the link below. You have to log into the same user that created the keys in order to edit them, as well as generate a new Secret for use in your Authorization Request:

 

Update Your Applications to Use the New Authorization Service

https://developer.constantcontact.com/api_guide/auth_update_apps.html

 

This includes updating your application code to use our new authorization and token endpoints. If you do not update your application, it will no longer be able to connect to Constant Contact as of March 31, 2022.

 

When setting up your Authorization Request, you’ll also want to include the scope “offline_access”, which is required for returning refresh tokens in the new configuration:

 

OAuth2 Authorization Code Flow

https://developer.constantcontact.com/api_guide/server_flow.html


Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up